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A portable secure financial messaging unit (906) includes a 
receiver (804) and a selective call decoder (1004). The 
selective call decoder (1004) has a memory (1010) that 
includes a single unique selective call address corresponding 
with a predetermined financial transaction type. An address 
correlator (830) operates to determine substantial coinci- 
dence between the single unique selective call address and 
a received selective call address corresponding with the 
predetermined financial transaction type. In response to a 
coincidence, a main processor (1006) and a financial trans- 
action processor (1014) process-received information to 
effect a financial transaction corresponding with the prede- 
termined financial transaction type, 
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SINGLE ACCOUNT PORTABLE WIRELESS 
FINANCIAL MESSAGING UNIT 

FIELD OF THE INVENTION 

This invention relates in general to selective call signal- 
ling systems and more particularly to a selective call sig- 
nalling system that facilitates secure financial transactions 
over a wireless network to a single account portable wireless 
financial messaging unit. 

BACKGROUND OF THE INVENTION 

In conventional selective call signaling systems, a user or 
originator may send a message to a subscriber unit (e.g., 
selective call receiver), the message comprising an address 
associated with the subscriber unit, and data. The data may 
be in one or more forms such as numeric digits representing 
a phone number, alphanumeric characters representing a 
readable text message, or possibly a multimedia message 
comprising audio and graphical information. Typically, this 
form of messaging was sufficient to convey information 
between individuals or services relating to their business, 
special interests, whereabouts, general scheduling, or time 
critical appointments. However, because of society's 
increased need for information when a person is mobile, a 
solution must be found that allows an individual to perform 
personal or business transactions, as well as keeping 
informed of personal events, contacts, and business infor- 
mation. 

Considering conventional wireless systems including 
both cellular and paging applications, there are significant 
problems that must be solved before reliable and private 
personal or business transactions can be implemented. 
Because of the advancement of the engineering sciences, 
particularly in the areas of wireless communications and 
computer science, it has become relatively easy for a 
" hacker*' to monitor both the address and data broadcast to 
the selective call receiver. This unwanted monitoring or 
eavesdropping poses a problem to potential users of wireless 
communication systems in that their personal data may be 
exposed to unauthorized individuals, thus creating an unnec- 
essary risk for both parties if confidential information is 
broadcast. Moreover, if the information contains clear-text 
data representing a personal address, serial number, Personal 
Identification Number (PIN) or the like, an unscrupulous 
party monitoring the data stream could gain access to an 
individual's personal accounts or pirate the address to clone 
an unauthorized communication device. The theft of service 
or confidential information in this manner is probably the 
most daunting issue facing communication equipment 
manufacturers and service providers today and in the future. 
The interest in securing data contained in broadcasts is 
especially keen in the area of electronic financial transac- 
tions. To expose for capture, the clear text data contained in 
a financial transaction invites, and will surely result, in a 
theft of funds or fraud against an individual. 

Thus, what is needed is wireless messaging system that 
allows an originator to communicate a secure message 
between a subscriber unit and the originator; and authenti- 
cate the secure message, without exposing the content or 
meaning of the message. 

SUMMARY OF THE INVENTION 

Briefly, according to the invention, there is provided a 
method and apparatus for sending data comprising secure 
financial transactions over existing paging infrastructure 
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equipment, using paging protocols such as FLEX®, a reg- 
istered trademark of Motorola, Inc., POCSAG (Post Office 
Code Standardisation Advisory Group), or the like. 
A first aspect of the invention involves realizing hardware 

5 that implements a method for overlaying secure messaging 
on an existing paging infrastructure. The existing paging 
infrastructure comprises a paging terminal that includes a 
paging encoder for processing received messages and their 
corresponding destination requests. The paging terminal 

10 generates a messaging queue of selective call messages 
comprising the received messages and their corresponding 
selective call addresses), as determined from the corre- 
sponding destination requests. Distribution of the selective 
call messages in the messaging queue is handled by the 

15 paging terminal which dispatches messages to at least one 
base station (e.g., transmitter, antenna, and receiver) for 
communication between the base station and the subscriber 
unit(s) or pagers. 

A second aspect of the invention involves the inclusion of 

20 a cryptographic engine in the,paging terminal for selectively 
ciphering, deciphering, signing, and verifying the authen- 
ticity of messages received from both an originator and from 
the subscriber unit or pager. 
A third aspect of the invention involves the subscriber unit 

25 or pager that is equipped with a special security module that 
can process cryptographic information contained in the 
selective call messages to verify their authenticity extract the 
ciphered data, and return ciphered responses or acknowl- 
edgments as necessary, to authenticate and confirm recep- 

30 tion of the secure message. 

A fourth aspect of the invention involves the subscriber 
unit or pager being equipped with a primary and possibly a 
secondary apparatus for communicating both inbound and 

35 outbound messages. The primary apparatus comprises a 
conventional radio frequency receiver and optionally a con- 
ventional radio frequency transmitter. The secondary appa- 
ratus comprises an optical receiver and optionally an optical 
transmitter. Alternatively, the secondary apparatus may fur- 

40 ther comprise one or more acoustic or other electromagnetic 
transducers and associated circuitry implementing a uni- or 
bi-directional communication link between the subscriber 
unit or pager and the originator. 

A fifth aspect of the invention involves the subscriber unit 

45 or pager including a single, predetermined account identifier 
corresponding with at-least one of an electronic cash or 
funds storage card, debit-card, credit card, or bank account. 

A sixth aspect of the invention involves the subscriber 
unit or pager including multiple predetermined account 

50 identifiers corresponding with at least two of the following: 
electronic cash or funds storage card, debit card, credit card, 
or bank account. 

A seventh aspect of the invention involves the crypto- 
graphic engine in the paging terminal and the security 

55 module in the subscriber unit or pager accommodating a 
plurality of cryptographic procedures. These cryptographic 
procedures comprise both private and public key systems, as 
appropriate. One such private key system is the Data 
Encryption Standard (DES) using the ANSI X3.92 DES 

60 algorithm in CBC mode. Similarly, a first public key system 
is RSA (invented by Rivest, Shamir, and Adleman), a 
cryptographic procedure based on sub-exponential one-way 
functions implemented using modulo n integer multiplica- 
tion and exponentation. A second public key system uses 

65 elliptic curve technology, a cryptographic procedure based 
on highly non-linear exponential one-way functions imple- 
mented over finite fields. 
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An eight aspect of the invention involves initiating a FIG. 15 illustrates a typical sequence associated with 

wireless transaction from the subscriber unit or pager, the requesting and authorizing the electronic transfer of funds or 

wireless transaction relating to at least one of the electronic debit of funds by and from a wireless financial messaging 

cash or funds storage card, debit card, credit card, or bank unit. 

account. 5 FIG. 16 illustrates a typical sequence associated with the 

A ninth aspect of the invention involves a user selected wireless transfer of funds or debit of funds by and from a 

personal identification number that is programmed into the wireless financial messaging unit in both a 1-way and a 

subscriber unit or pager for protecting financial accounts or 2-way secure communication system, 
funds loaded in the subscriber unit or pager. 

A tenth aspect of the invention involves a user selected 30 DESCRIPTION OF A PREFERRED 
personal identification number that is programmed into the EMBODIMENT 
Smart Card via the subscriber unit or pager, thus disabling Referring to FIG. 1, an electrical block diagram illustrates 
access to any features of the protected Smart Card unless a dala transmission system 100, such as a paging system, for 
subsequently accessed or reprogrammed by the subscriber ^ use in accordance with the preferred embodiment of the 
unit or pager. present invention. In the data transmission system 100, 
An eleventh aspect of the invention involves authenticat- messages originating either from a phone, as in a system 
ing the an authorized subscriber unit or pager as a commu- providing numeric data transmission, or from a message 
nication agent for the wireless financial transaction, and entry device, such as an alphanumeric data terminal, are 
selectively disallowing any financial transactions directed to ^ routed through the public switched telephone network 
accounts belonging to or controlled by the authorized sub- (PSTN) to a paging terminal 102 which processes the 
scriber unit or pager when an inbound or outbound financial numeric or alphanumeric message information for transmis- 
transaction is communicated between an issuer and an sion by one or more transmitters 104 provided within the 
unauthorized subscriber unit or pager, and in the alternative, system. When multiple transmitters are utilized, the trans- 
preventing fund transfers or credit transactions that exceed ^ mitters 104 preferably simulcast transmit the message infor- 
a predetermined limit set either by an authorized user or a m avion to financial messaging units 106. Processing of the 
regulator such as a bank, a credit card issuer or the like. numeric and alphanumeric information by the paging ter- 
minal 102, and the protocol utilized for the transmission of 
the messages is described below. 
FIG. 1 is an electrical block diagram of a data transmis- 3Q Referring to FIG. 2, an electrical block diagram illustrates 
sion system for use in accordance with the preferred the paging terminal 102 utilized for processing and control- 
embodiment of the present invention. ling the transmission of the message information in accor- 
FIG. 2 is an electrical block diagram of a terminal for dance with the preferred embodiment of the present inven- 
processing and transmitting message information in accor- tion. Short messages, such as tone-only and numeric 
dance with the preferred embodiment of the present inven- 35 messages which can be readily entered using a telephone are 
^ coupled to the paging terminal 102 through a telephone 

t-^o i * *■ • a * mi ♦ ♦■ *u * • interface 202 in a manner well known in the art. Longer 

FIGS. 3-5 are timing diagrams lUustrating the transmis- me ^ ^ al hanumeric m s which ire f he 

sion format of the signaling protocol utilized in accordance ^ q[ \ ^ device afe kd tQ the m termiflal 

with the preferred embodiment of the present invention 1Q2 thrQUgh a modem 206 any of a number of well 

FIGS. 6 and 7 are timing diagrams illustrating the syn- 40 known modem transmission protocols. When a call to place 

chronization signals utilized in accordance with the pre- a message is received, a controller 204 handles the process- 

ferred embodiment of the present invention. ing of the message. The controller 204 is preferably a 

FIG. 8 is an electrical block diagram of a financial microcomputer, such as a MC680xO or equivalent, which is 

messaging unit in accordance with the preferred embodi- manufactured by Motorola Inc., and which runs various 

ment of the present invention. 45 pre-programmed routines for controlling such terminal 

n . j. c . * „ • operations as voice prompts to direct the caller to enter the 

FIG. 9 is a diagram of a secure messaging system in p . , j , . f t . . U1 .. e 

iL . • message, or the handshaking protocol to enable reception or 

accordance with the present invention. ffom a dat& efltry deyice wheQ a ^ fc received> 

FIG. 10 is a high level block diagram of a financial t he controller 204 references information storedju the sub- 
messaging unit in accordance with the preferred embodi- 5Q scriber database 208 to determine how the message being 
ment of the present invention. received is to be processed. The subscriber data base 208 

FIG. 11 is a block diagram of the message composition includes, but is not limited to such information as-addresses 

and encryption equipment that could be used on the pre- assigned to the financial messaging unit, message type 

mises of a financial institution to send secure electronic associated with the address, and information related to the 

funds transfer authorizations to financial messaging units via 5S status of the financial messaging unit, such as active or 

a paging channel. inactive for failure to pay the bill. A data entry terminal 240 

i-t^. j- \. 1 j- c -i i ti is provided which couples to the controller 204, and which 

FIG. 12 is a functional diagram of a wireless selective caU ^ ^ and ' 

signaling system controller that implements a combined MMioQ the subsc y rit £ da * 5ase 208 ^ for 

1-way and 2-way secure messaging system capable of monitori system performance, and for obtaining such 

signalling the financial messaging units. 60 information as billing information. 

FIG. 13 depicts the various layers of a messaging system ^ subscriber database 208 also includes such informa- 

m a format that is similar to the Organization Standards tion ^ t0 what transmission frame and to what transmission 

International (OSI) stack diagram that is well known in the phase lne fi nanc i a i messaging unit is assigned, as will be 

electronics industry. described in further detail below. The received message is 

FIG. 14 is a flow diagram depicting typical operation of 65 stored in an active page file 210 which stores the messages 

a financial messaging unit in accordance with the preferred in queues according to the transmission phase assigned to 

embodiment of the present invention. the financial messaging unit. In the preferred embodiment of 
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the present invention, four phase queues are provided in the 
active page file 210. The active page file 210 is preferably a 
dual port, first in first out random access memory, although 
it will be appreciated that other random access memory 
devices, such as hard disk drives, can be utilized as well. 
Periodically the message information stored in each of the 
phase queues is recovered from the active page file 210 
under control of controller 204 using timing information 
such as provided by a real time clock 214, or other suitable 
timing source. The recovered message information from 
each phase queue is sorted by frame number and is then 
organized by address, message information, and any other 
information required for transmission (all of which is 
referred to as message related information), and then 
batched into frames based upon message size by frame 
batching controller 212. The batched frame information for 
each phase queue is coupled to frame message buffers 216 
which temporarily store the batched frame information until 
a time for further processing and transmission. Frames are 
batched in numeric sequence, so that while a current frame 
is being transmitted, the next frame to be transmitted is in the 
frame message buffer 216, and the next frame thereafter is 
being retrieved and batched. At the appropriate time, the 
batched frame information stored in the frame message 
buffer 216 is transferred to the frame encoder 218, again 
maintaining the phase queue relationship. The-frame 
encoder 218 encodes the address and message information 
into address and message codewords required for 
transmission, as will be described below. The encoded 
address and message codewords are ordered into blocks and 
then coupled to a block interleaver 220 which interleaves 
preferably eight codewords at a time to form interleaved 
information blocks for transmission in a manner well known 
in the art. The interleaved codewords contained in the 
interleaved information blocks produced by each block 
interleaver 220 are then serially transferred to a phase 
multiplexer 221, which multiplexes the message information 
on a bit by bit basis into a serial data stream by transmission 
phase. The controller 204 next enables a frame sync gen- 
erator 222 which generates the synchronization code which 
is transmitted at the start of each frame transmission. The 
synchronization code is multiplexed with address and mes- 
sage information under the control of controller 204 by 
serial data splicer 224, and generates therefrom a message 
stream which is properly formatted for transmission. The 
message stream is next coupled to a transmitter controller 
226, which under the control of controller 204 transmits the 
message stream over a distribution channel 228. The distri- 
bution channel 228 may be any of a number of well known 
distribution channel types, such as wire line, an RF (radio 
frequency) or microwave distribution channel, or a satellite 
distribution link. The distributed message stream is trans- 
ferred to one or more transmitter stations 104, depending 
upon the size of the communication system. The message 
stream is first transferred into a dual port buffer 230 which 
temporarily stores the message stream prior to transmission. 
At an appropriate time determined by timing and control 
circuit 232, the message stream is recovered from the dual 
port buffer 230 and coupled to the input of preferably a 
4-level FSK (frequency shift key) modulator 234, The 
modulated message stream is then coupled to the transmitter 
236 for transmission via antenna 238. 

Referring to FIGS. 3, 4 and 5, the timing diagrams 
illustrate the transmission format of the signaling protocol 
utilized in accordance with the preferred embodiment of the 
present invention. This signalling protocol is commonly 
referred to as Motorola's FLEX selective call signalling 
protocol. As shown in FIG. 3, the signaling protocol enables 
message transmission to financial messaging units, such as 
pagers, assigned to one or more of 128 frames which are 



labeled frame 0 through frame 127. It then will be appreci- 
ated that the actual number of frames provided within the 
signaling protocol can be greater or less than described 
above. The greater the number of frames utilized, the greater 

5 the battery life that may be provided to the financial mes- 
saging units operating within the system. The fewer the 
number of frames utilized, the more often messages can be 
queued and delivered to the financial messaging units 
assigned to any particular frame, thereby reducing the 

1Q latency, or time required to deliver messages. 

As shown in FIG. 4, the frames comprise a synchroniza- 
tion codeword (sync) followed preferably by eleven blocks 
of message information (information blocks) which are 
labeled block 0 through block 10. As shown in FIG. 5,, each 
block of message information comprises preferably eight 

15 address, control or data codewords which are labeled word 

0 through word 7 for each phase. Consequently, each phase 
in a frame allows the transmission of up to eighty-eight 
address, control and data codewords. The address, control 
and data codewords preferably comprise two sets, a set first 

20 relating to a vector field comprising a short address vector, 
a long address vector, a first message word, and a null word, 
and a second set relating to a message field comprising a 
message word and a null word. 
The address, control, and data or message codewords are 

25 preferably 31, 21 BCH codewords with an added thirty- 
second even parity bit which provides an extra bit of 
distance to the codeword set. It will be appreciated that other 
codewords, such as a 23, 12 Golay codeword could be 
utilized as well. Unlike the well known POCSAG signaling 

30 protocol which provides address and data codewords which 
utilize the first codeword bit to define the codeword type, as 
either address or data, no such distinction is provided for the 
address and data codewords in the FLEX signaling protocol 
utilized with the preferred embodiment of the present inven- 

35 tion. Rather, address and data codewords are defined by their 
position within the individual frames. 

FIGS, 6 and 7 are timing diagrams illustrating the syn- 
chronization code utilized in accordance with the preferred 
embodiment of the present invention. In particular, as shown 

40 in FIG. 6, the synchronization code comprises preferably 
three parts, a first synchronization code (sync 1), a frame 
information codeword (frame info) and a second synchro- 
nization codeword (sync 2). As shown in FIG. 7, the first 
synchronization codeword comprises first and third portions, 

45 labeled bit sync 1 and BS1, which are alternating 1, 0 bit 
patterns which provides bit synchronization, and second and 
fourth portions, labeled "A" and its complement "A bar", 
which provide frame synchronization. The second and 
fourth portions are preferably single 32, 21 BCH codewords 

50 which are predefined to provide high codeword correlation 
reliability, and which are also used to indicate the data bit 
rate at which addresses and messages are transmitted. Table 

1 defines the data bit rates which are used in conjunction 
with the signaling protocol 

55 

TABLE 1 



Bit Rate 


"A" Value 


1600 bps 


Al and Al bar 


3200 bps 


A2 and A2 bar 


6400 bps 


A3 and A3 bar 


Not defined 


A4 and A4 bar 



As shown in Table 1, three data bit rates are predefined for 
65 address and message transmission, although it will be appre- 
ciated that more or less data bit rates can be predefined as 
well, depending upon the system requirements. 
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The frame information codeword is preferably a single 32, 
21 BCH codeword which includes within the data portion a 
predetermined number of bits reserved to identify the frame 
number, such as 7 bits encoded to define frame number 0 to 
frame number 127. 

The structure of the second synchronization code is 
preferably similar to that of the first synchronization code 
described above. However, unlike the first synchronization 
code which is preferably transmitted at a fixed data symbol 
rate, such as 1600 bps (bits per second), the second syn- 
chronization code is transmitted at the data symbol rate at 
which the address and messages are to be transmitted in any 
given frame. Consequently, the second synchronization code 
allows the financial messaging unit to obtain "fine" bit and 
frame synchronization at the frame transmission data bit 
rate. 

In summary the signaling protocol utilized with the pre- 
ferred embodiment of the present invention comprises 128 
frames which include a predetermined synchronization code 
followed by eleven information blocks which comprise eight 
address, control or message codewords per phase. The 
synchronization code enables identification of the data trans- 
mission rate, and insures synchronization by the financial 
messaging unit with the data codewords transmitted at the 
various transmission rates. 

FIG. 8 is an electrical block diagram of the financial 
messaging unit 106 in accordance with the preferred 
embodiment of the present invention. The heart of the 
financial messaging unit 106 is a controller 816, which is 
preferably implemented using a low power MC68HC0x 
microcomputer, such as manufactured by Motorola, Inc., or 
the like. The microcomputer controller, hereinafter call the 
controller 81 6, receives and processes inputs from a number 
of peripheral circuits, as shown in FIG. 8, and controls the 
operation and interaction of the peripheral circuits using 
software subroutines. The use of a microcomputer controller 
for processing and control functions (e.g., as a function 
controller) is well known to one of ordinary skill in the art. 

The financial messaging unit 106 is capable of receiving 
address, control and message information, hereafter called 
"data" which is modulated using preferably 2-level and 
4-level frequency modulation techniques. The transmitted 
data is intercepted by an antenna 802 which couples to the 
input of a receiver section 804. Receiver section 804 pro- 
cesses the received data in a manner well known in the art, 
providing at the output an analog 4-level recovered data 
signal, hereafter called a recovered data signal. The recov- 
ered data signal is coupled to one input of a threshold level 
extraction circuit 808, and to an input of a 4-level decoder 
810. 

Operation of the threshold level extraction circuit 808, 
4-level decoder 810, symbol synchronizer 812, 4-level to 
binary converter 814, synchronization codeword correlator 
818, and phase timing generator (data recovery timing 
circuit) 826 depicted in the financial messaging unit of FIG. 
8 is best understood with reference to U.S. Pat. No. 5,282, 
205 entitled "Data Communication Terminal Providing Vari- 
able Length Message Carry-On And Method Therefor," 
issued to Kuznicki et al., assigned to Motorola, Inc., the 
teachings of which are incorporated herein by reference 
thereto. 

Again referring to FIG. 8, the threshold level extraction 
circuit 808 comprises two clocked level detector circuits 
(not shown) which have as inputs the recovered data signal. 
Preferably, signal states of 17%, 50% and 83%, are utilized 
to enable decoding the 4-level data signals presented to the 
threshold level extraction circuit 808. 
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When power is initially applied to the receiver portion, as 
when the financial messaging unit is first turned on, a clock 
rate selector is preset through a control input (center sample) 
to select a 128x clock, i.e. a clock having a frequency 
equivalent to 128 times the slowest data bit rate, which as 
described above is 1600 bps (bits per second). The 128x 
clock is generated by 128x clock generator 844, as shown in 
FIG. 8, which is preferably a crystal controlled oscillator 
operating at 204.8 KHz (kilohertz) The output of the 128x 
clock generator 844 couples to an input of frequency divider 
846 which divides the output frequency by two to generate 
a 64x clock at 102.4 KHz. The 128x clock allows the level 
detectors to asynchronously detect in a very short period of 
time the peak and valley signal amplitude values, and to 
therefore generate the low (Lo), average (Avg) and high (Hi) 
threshold output signal values required for modulation 
decoding. After symbol synchronization is achieved with the 
synchronization signal, as will be described below, the 
controller 816 generates a second control signal (center 
sample) to enable selection of a lx symbol clock which is 
generated by symbol synchronizer 812 as shown in FIG. 8. 

The 4-level decoder 810 preferably operates using three 
voltage comparators and a symbol decoder. The recovered 
data signal is coupled to an input of the three comparators 
having thresholds corresponding with normalized signal 
states of 17%, 50% and 83%. The resulting system effec- 
tively recovers the demodulated 2- or 4- level FSK infor- 
mation signal by coupling the recovered data signal to the 
second input of an 83% comparator, the second input of a 
50% comparator, and the second input of a 17% comparator. 
The outputs of the three comparators corresponding with the 
low (Lo), average (Avg) and high (Hi) threshold output 
signal values are coupled to inputs of a symbol decoder. The 
symbol decoder then decodes the inputs according to Table 
2. 

TABLE 2 





Threshold 




Output 




Hi 


Avg 


Lo 


MSB 


LSB 


RQn < 


RC fa < 


RC [n < 


0 


0 


Re* < 


RC in < 


RC in > 


0 


1 


RC- m < 


RC^ > 


RC in > 


1 


1 


RQn > 


RCfc > 


RC in > 


1 


0 



As shown in Table 2, when the recovered data signal 
(RC,-„) is less than all three threshold values, the symbol 
generated is 00 (MSB (most significant bit)=0, LSB (least 
significant bit)=0). Thereafter, as each of the three threshold 
values is exceeded, a different symbol is generated, as shown 
in the table above. 

The MSB output from the 4-level decoder 810 is coupled 
to an input of the symbol synchronizer 812 and provides a 
recovered data input generated by detecting the zero cross- 
ings in the 4-level recovered data signal. The positive level 
of the recovered data input represents the two positive 
deviation excursions of the analog 4-level recovered data 
signal above the average threshold output signal, and the 
negative level represents the two negative deviation excur- 
sions of the analog 4-level recovered data signal below the 
average threshold output signal. 

The symbol synchronizer 812 uses a 64x clock at 102.4 
KHz which is generated by frequency divider 846, that is 
coupled to an input of a 32x rate selector (not shown). The 
32x rate selector is preferably a divider which provides 
selective division by 1 or 2 to generate a sample clock which 
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is thirty-two times the symbol transmission rate. A control 
signal (1600/3200) is coupled to a second input of the 32x 
rate selector, and is used to select the sample clock rate for 
symbol transmission rates of 1600 and 3200 symbols per 
second. The selected sample clock is coupled to an input of 
32x data oversampler (not shown) which samples the recov- 
ered data signal (MSB) at thirty-two samples per symbol. 
The symbol samples are coupled to an input of a data edge 
detector (not shown) which generates an output pulse when 
a symbol edge is detected. The sample clock is also coupled 
to an input of a divide-by-16/32 circuit (not shown) which 
is utilized to generate lx and 2x symbol clocks synchronized 
to the recovered data signal. The divided-by- 16/32 circuit is 
preferably an up/down counter. When the data edge detector 
detects a symbol edge, a pulse is generated which is gated 
by an AND gate with the current count of divide-by-16/32 
circuit. Concurrently, a pulse is generated by the data edge 
detector which is also coupled to an input of the divide-by- 
16/32 circuit. When the pulse coupled to the input of the 
AND gate arrives before the generation of a count of 
thirty-two by the divide-by-16/32 circuit, the output gener- 
ated by the AND gate causes the count of divide-by-16/32 
circuit to be advanced by one count in response to the pulse 
which is coupled to the input of divide-by-16/32 circuit from 
the data edge detector, and when the pulse coupled to the 
input of the AND gate arrives after the generation of a count 
of thirty-two by the divide-by-16/32 circuit, the output 
generated by the AND gate causes the count of divide-by- 
16/32 circuit to be retarded by one count in response to the 
pulse which is coupled to the input of divide-by-16/32 
circuit from the data edge detector, thereby enabling the 
synchronization of the lx and 2x symbol clocks with the 
recovered data signal. The symbol clock rates generated are 
best understood from Table 3 below. 

TABLE 3 







Rate 




2X 


IX 


Input 


Control 


Selector 


Rate 


Symbol 


Symbol 


Clock 


Input 


Divide 


Selector 


Clock 


Clock 


(Relative) 


(SPS) 


Ratio 


Output 


(BPS) 


(BPS) 


64X 


1600 


by 2 


32X 


3200 


1600 


64X 


3200 


by 1 


64X 


6400 


3200 
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As shown in the table above, the lx and 2x symbol clocks 
are generated 1600, 3200 and 6400 bits per second and are 
synchronized with the recovered data signal. 

The 4- level binary converter 814 couples the lx symbol 
clock to a first clock input of a clock rate selector (not 
shown). A 2x symbol clock is coupled to a second clock 
input of the clock rate selector. The symbol output signals 
(MSB, LSB) are coupled to inputs of an input data selector 
(not shown). A selector signal (2L/4L) is coupled to a 
selector input of the clock rate selector and the selector input 
of the input data selector, and provides control of the 
conversion of the symbol output signals as either 2-level 
FSK data, or 4-level FSK data. When the 2-level FSK data 
conversion (2L) is selected, only the MSB output is selected 
which is coupled to the input of a conventional parallel to 
serial converter (not shown). The lx clock input is selected 
by clock rate selector which results in a single bit binary data 
stream to be generated at the output of the parallel to serial 
converter. When the 4-level FSK data conversion (4L) is 
selected, both the LSB and MSB outputs are selected which 
are coupled to the inputs of the parallel to serial converter. 
The 2x clock input is selected by clock rate selector which 
results in a serial two bit binary data stream to be generated 
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at 2x the symbol rate, which is provided at the output of the 
parallel to serial converter. 

Referring again to FIG. 8, the serial binary data stream 
generated by the 4-level to binary converter 814 is coupled 
to inputs of a synchronization codeword correlator 818 and 
a demultiplexer 820. Predetermined "A" codeword synchro- 
nization patterns are recovered by the controller 816 from a 
code memory 822 and are coupled to an "A" codeword 
correlator (not shown). When the synchronization pattern 
received matches one of the predetermined "A" codeword 
synchronization patterns within an acceptable margin 
of,. error, an "A" or "A-bar" output is generated and is 
coupled to controller 816. The particular "A" or "A-bar" 
codeword synchronization pattern correlated provides frame 
synchronization to-the start of the frame ID codeword, and 
also defines the data bit rate of the message to follow, as was 
previously described. 

The serial binary data stream is also coupled to an input 
of the frame codeword decoder (not shown) which decodes 
the frame codeword and provides an indication of the frame 
number currently being received by the controller 816. 
During sync acquisition, such as following initial receiver 
turn-on, power is supplied to the receiver portion by battery 
saver circuit 848, shown in FIG. 8, which enabled the 
reception of the "A" synchronization codeword, as 
described above, and which continues to be supplied to 
enable processing of the remainder of the synchronization 
code. The controller 816 compares the frame number cur- 
rently being received with a list of assigned frame numbers 
stored in code memory 822. Should the currently received 
frame number differ from an assigned frame numbers, the 
controller 816 generates a battery saving signal which is 
coupled to an input of battery saver circuit 848, suspending 
the supply of power to the receiver portion. The supply of 
power will be suspended until the next frame assigned to the 
receiver, at which time a battery saver signal is generated by 
the controller 816 which is coupled to the battery saving 
circuit 848 to enable the supply of power to the receiver 
portion to enable reception of the assigned frame. 

A predetermined "C" codeword synchronization pattern is 
recovered by the controller 816 from a code memory 822 
and is coupled to a "C" codeword correlator (not shown). 
When the synchronization pattern received matches the 
predetermined "C" codeword synchronization pattern with 
an acceptable margin of error, a "C" or "C-bar" output is 
generated which is coupled to controller 816. The particular 
"C" or "C-bar" synchronization codeword correlated pro- 
vides "fine" frame synchronization to the start of the-data 
portion of the frame. 

The start of the actual data portion is established by the 
controller 816 generating a block start signal (Blk Start) 
which is coupled to inputs of a codeword de-interleaver 824 
and a data recovery timing circuit 826. A control signal 
(2L/4L) is coupled to an input of clock rate selector (not 
shown) which selects either lx or 2x symbol clock inputs. 
The selected symbol clock is coupled-to the input of a phase 
generator (not shown) which is preferably a clocked ring 
counter which is clocked to generate four phase output 
signals (01-04). A block start signal is also coupled to an 
input of the phase generator, and is used to hold the ring 
counter in a predetermined phase until the actual decoding 
of the message information is to begin. When the block start 
signal releases the phase generator, it begins generating 
clocked phase signals which are synchronized with the 
incoming message symbols. 

The clocked phase signal outputs are then coupled to 
inputs of a phase selector 828. During operation, the con- 
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troller 816 recovers from the code memory 822, the trans- sensible alert signal is preferably an audible alert signal, 

mission phase number to which the financial messaging unit although it will be appreciated that other sensible alert 

is assigned. The phase number is transferred to the phase signals, such as tactile alert signals, and visual alert signals 

select output (0 Select) of the controller 816 and is coupled can be generated as well. The audible alert signal is coupled 

to an input of phase selector 828. A phase clock, correspond- 5 by the controller 816 to an alert driver 834 which is used to 

ing to the transmission phase assigned, is provided at the drive an au dible alerting device, such as a speaker or a 

output of the phase selector 828 and is coupled to clock transducer 836. The user can override the alert signal 

inputs of the demultiplexer 820, block de-interleaver 824, generation through the use of user input controls 838 in a 

and address and data decoders 830 and 832 respectively. maQner wdl known m the ^ 

The demultiplexer 820 is used to select the binary bits m , . . , „ , . . 
associated with the assigned transmission phase which are 10 ^ stored messa S e ^formation can be recalled by the 
then coupled to the input of block de-interleaver 824, and user u smg the user input controls 838 whereupon the con- 
clocked into the de-interleaver array on each corresponding troller 816 recovers the message information from memory, 
phase clock. In a first embodiment, the de-interleaver uses and provides the message information to a display driver 
an 8x32 bit array which de- interleaves eight 32 bit inter- 840 for presentation on a display 842, such as an LCD 
leaved address, control or message codewords, correspond- 15 display. 

ing to one transmitted information block. The de -interleaved i n addition to the preceding description, the systems 

address codewords are coupled to the input of address previously discussed in reference to FIGS. 1, 2, 7 and 8, and 

correlator 830, The controller 816 recovers the address protocol previously discussed in reference to FIGS. 3, 4 and 

patterns assigned to the financial messaging unit, and 5 may be more fou under stood in view of the following 

couples the patterns to a second input of the address corr- 20 v s Pa[ No 5)168)49 3 entit i ed < Time Division Multi- 

elator. When any of the de-interleaved address codewords lexed Sc]sC ^ e Call s tem » issued l0 Nelson et aL 

matches any of the address patterns assigned to the financial * No. 5,371,737 entitled "Selective Call Receiver For 

messaging unit within an acceptable margin of error ( e g Multiphase Multiplexed Signal" issued to Nel- 

the number of bit errors correctable according to the code- . i ft o n . xt c no ac ♦ fT^ «c i *■ n n 

word structure selected), the message information and cor- 25 ™ V c S ' Pa ; No. 5 128,665 entitled Selective Call 

responding information associated with the address (e.g., the Signalling System to DeLuca et al., and U.S Pat No. 

information representing the broadcast and received selec- 5,325,088 entitled "Synchronous Selective Signaling Sys- 

tive call signalling message, which was previously defined lem " to Willard all ° f ^ hl u ch are l ° Motorola, 

as message related information) is then decoded by the data Inc > and the teachings of which are incorporated herein by 

decoder 832 and stored in a message memory 850. 30 reference thereto. 

Following the detection of an address associated with the Referring to FIG. 9, a diagram shows a secure messaging 
financial messaging unit, the message information is system 900 in accordance with the present invention, 
coupled to the input of data decoder 832 which decodes the The paging terminal 102 or wireless selective call signal- 
encoded message information into preferably a BCD or ling system controller, receives information comprising a 
ASCII format suitable for storage and subsequent display. 35 selective call message request including a destination iden- 

Alternatively, the software based signal processor may be tifier and a secure financial transaction message. The infor- 

replaced with a hardware equivalent signal processor that mation is typically coupled to the paging terminal 102 via a 

recovers the address patterns assigned to the financial mes- Public Switched Telephone Network (PSTN) 912 which 

saging unit, and the message related information. Following, serves to transport the information from a regulator 914 such 

or prior to detection of an address associated with the 4 o as a bank > cre dit card issuer or the like. The PSTN 912 may 

financial messaging unit, the message information and cor- be coupled to the paging terminal 102 and the regulator 914 

responding information associated with the address may be using conventional phone lines 910 or possibly a high speed 

stored directly in the message memory 850. Operation in this digital network, depending on the information bandwidth 

manner allows later decoding of the actual message required for communicating financial transactions between 

information, e.g., that encoded message information that 45 the regulator 914 and a plurality of one financial messaging 

decodes into a BCD, ASCII, or multimedia format suitable unit 906. Once coupled to the paging terminal 102, the 

for subsequent presentation. However, in performing direct information is formatted as one or more selective call 

storage, the memory must be structured in a manner that messages and transferred 922 to at least one radio frequency 

allows efficient, high speed placement of the message infer- transmitter 904 for broadcast to at least one financial mes- 

mation and corresponding information associated with the 50 saging unit 906 located in any one of a number of commu- 

address. Additionally, to facilitate the direct storage of nication zones 902. The financial messaging unit 906 may 

message information and corresponding information asso- include an interface that couples unencrypted or encrypted 

ciated with the address in the message memory 850, a information such as the secure financial transaction message 

codeword identifier 852 examines the received codeword to to a conventional Smart Card 920 for effecting a financial 

assign a type identifier to the codeword in response to the 55 transaction. Alternatively, the secure financial transaction 

codeword belonging to one of a set comprising a vector field message may be decoded and stored by the financial mes- 

and a set comprising a message field. After determining the saging unit 906 when the financial messaging unit 906 

type identifier, a memory controller 854 operates to store the includes capabilities, e.g., cash load and reload and/or credit 

type identifier in a second memory region within the services, such as found in a Smart Card 920. 

memory corresponding with the codeword. The above 60 Two-way capability is provided for the financial messag- 

memory structure and operation of the de-interleaved infor- ing unit 906 using either a wired or a wireless return path, 

mation memory storage device comprising the message By way of example, the secure financial transaction message 

memory 850, the codeword identifier 852, and the memory is received by the financial messaging unit 906 which 

controller 854, are more fully discussed in the patents decodes and decrypts a content of the secure financial 

incorporated below. 65 transaction message that may represent a cash value token, 

Following the storage of the message related information, credit, or debit amount. This message content is then stored 

a sensible alert signal is generated by the controller 816. The by the financial messaging unit 906 pending confirmation of 
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receipt and a subsequent release of funds or authorization of an official standard. It is the most well-known and widely 

credit by the regulator. If the financial transaction value is used cryptosystem in the world. 

high, the regulator will typically require an acknowledgment Diffie-Hellman— The DifEe-Hellman key agreement pro- 

from the financial messaging unit 906 before the received toco i provided the first practical solution to the key distri- 

token based funds are activated, or before a credit or debit 5 bution problem by allowing parties to securely establish a 

transaction is allowed. However, if the financial transaction shared secret key over an open channel. The security is 

value is low, the regulator may not require an acknowledg- on tne discrete log problem. 

ment from the financial messaging unit 906 before the Di ^ tal S ignature-A data string which associations a 

received token based funds are activated, or before a credit m (in di ital form) with ^ ori inatin entit ^ 

or debit transaction is allowed. In case of a low value 10 cryptographic primitive ^ used to provide authentication, 

transaction, the financial messaging unit 906 may only be data [n{ . and DOn _ repudiat i oa 

required to reconcile its fund or credit capacity one a day, or ^ . „ , , _ „ , , 

^gjj Discrete Log Problem — The requirement to find the expo- 

" .„ r*Tf~i rt i. nent x in the formula y«g* mod p. The discrete log problem 

The secure messaging system illustrated in FIG. 9 allows fe beljeved < 0 fee difficu , t and ^ harf direction of aon 

wireless return or origination of secure financial transaction 15 ^ ^ 

messages using a reverse or inbound channel received by . * , 

distributed receiver sites 908. These sites are typically more Elh P tlc Cryptosystem (ECC)-A pubhe-key cryp- 

dense that the outbound broadcast sites 904 since the trans- tos y stem based 0D the discrete loganthm problem over 

mitter power and antenna characteristics of the financial elliptic curves. ECC provides the-highest strength-per-bU of 

messaging unit 906 are significantly inferior to that of a 20 any public-key system, allowing the use of much smaller 

dedicated radio frequency base station and wide area trans- P^hc-keys compared to other systems. 

mitter site 904. Thus, the size and weight of a financial Encryption— The process of transforming plain text into 

messaging unit 906 is kept to a minimum, yielding a more cipher text for confidentiality or privacy. 

ergonomic portable device with the value added function of Entity Authentication — The corroboration of the identity 

not requiring a physical connection to effect financial trans- 25 0 f an entity (e.g., a person, financial messaging unit, com- 

actions such as bank withdrawals, deposits, credit card puter terminal, Smart Card 920, etc.). 

payments, or purchases. Alternatively, the secure messaging Factoring— The act of splitting an integer into a set of 

system is adapted to accommodate lower power financial smaller integers which, whemmultipfied together, form the 

messaging unit 906 devices that might include additional original integer. RSA is based on the factoring of large prime 

means for implementing the return or origination of secure 30 num ^ ers 

financial transaction messages using a reverse or inbound Information Security Functions-The processes of 

channel that is accessed at a point of sale 916 or at a bank tion and di ital signatllres which provide information 

914. In these cases, the lower power financial messaging ? t A1 , ...... 

' r i \ i T security services. Also known as security primitives, 

unit 906 could include an infrared or laser optical port, low „ . ™ .,. . 

power proximate magnetic inductive or electric capacitive 35 . Information Security Services-The purpose of utilizing 

port, or possibly an ultrasonic or audio band acoustic trans- information security functions. Services include privacy or 

ducer port, all of which could couple signals between the confidentiality, authentication, data integrity and non- 

lower power financial messaging unit 906 and a device such repudiation. 

as a point of sale terminal, automated teller machine, or the Key — A value in the form of a data string used by 

l^e 40 information security functions to perform cryptographic 

Several cryptographic methods are suitable for use with computations, 

the present invention. The following definitions are useful in Key Agreement— A key establishment technique in which 

understanding the terminology associated with cryptography * shared secret is derived by two or more parties as a 

as applied to wired or wireless communications. function or information contributed by, or associated with, 

Certificate-Certificates are digital documents attesting to 45 each of these such that ao ^ can Predetermine the 

the binding of a public key to an individual or other entity. resulting value. 

Certificates are issued by a Certification Authority (CA), Key Establishment— Any process whereby a shared 

which can be any trusted central administration willing to ke Y becomes available to two or more parties, for 

vouch for the identities of those to whom it issues certifi- subsequent cryptographic use. 

cates. A certificate is created when a CA signs a user's public 50 Key Management — The set of processes and mechanisms 

key plus other identifying information, binding the user to which support key establishment and the maintenance of 

their public key. Users present their certificate to other users ongoing keying relationships between parties, 

to demonstrate the validity of their public keys. Key Pair — The public key and private key of a user or 

Confidentiality — The result of keeping information secret 5S entity in a public-key cryptosystem. Keys in a key pair are 

from all but those who are authorized to see it. Confiden- mathematically related by a hard one-way function, 

tiality is also referred to as privacy. Key Transport — A key establishment technique where 

Cryptographic Protocol — A distributed algorithm defined one party creates or otherwise obtains a secret value and 

by a sequence of steps precisely specifying the actions securely transfers it to the other party or parties, 

required of two or more entities to achieve a specific security 60 Message Authentication — The corroboration of the 

objective. source of information; also known as data original authen- 

Data Integrity — The assurance that information has not tication. 

been altered by unauthorized or unknown means. Message Authentication Code (MAC)— A hash function 

Decryption — The process of transforming encrypted which involves a secret key, and, provides data original 

information (cipher text) into plain text. 6 5 authentication and data integrity. The MAC is also referred 

DES (Data Encryption Standard) — A symmetric encryp- to as a transaction authentication code, wherein a message 

tion cipher defined and endorsed by the U.S. government as may contain at least one transactions. 
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Non-repudiation — The prevention of the denial of previ- Any entity B can verify A's signature (r,s) on M by 

ous commitments or actions. Non-repudiation is achieved performing the following steps: 

using digital signatures. 1. Obtain A's public key Y a =aP. 

Private Key — In a public-key system, it is that key in a 2. Compute u«sP 

key pair which is held by the individual entity and never 5 3. Compute V=rYa 

revealed. It is preferable to embed the private key in a 4. Compute u+v«(x',y') 

hardware platform as a measure to keep it hidden from 5. Convert x' to an integer, 

unauthorized parties. 6. Compute e'-r-x' mod n. 

Public Key — In a public key system, it is that key in a key 7. Compute e=H(M) and verify that e*=e. 

pair which is made public. 30 The following example illustrates encryption using an 

Public-Key Cryptography — A cryptographic system that elliptic curve encryption scheme. Assume that Entity A has 

uses different keys for encryption (e) and decryption (d), a private key a and public key Ya=aP where P is a generating 

where (e) and (d) are mathematically linked. It is computa- point. Entity B encrypts bit string M to entity A using the 

tionally infeasible to determine (d) from (e). Therefore, this following procedure: 

system allows the distribution of the public key while 1 1. B obtains A's public key Y a 

keeping the private key secret. Public-key cryptography is 2. B generates random integer k. 

the most important advancement in the field of cryptography 3, b computes R=kP. 

in the last 2000 years. 4 B comp utes S=kY a =(x,y) 

RSA— A widely used public-key cryptosystem, named 2Q 5 B CO m pu tes c-m.-Mx). 

after its inventors R. Rivest, A. Shamir, and L, Adleman. The g B sends (R c cj to A 

security of RSA is based on the intractability of the integer Whefe Wx)-SH A-1 *(x||0) and «x)-SHA-l(f^ ^HxJO 

factorization problem. Alternatively, if RSA cryptography is used, the following 

Symmetric-Key Encryption— A cryptosystem in which definitions are pertinent: 

for each associated encryption/decryption key pair, (e,d), it 25 n ^ the mot j u ius 

is computationally easy to determine d knowing only e, and d fc tfae - vate ke and ±c bHc onent for entity A . 

to determine e from d In most practical symmetric-key M is a bit string to be signed. 

encryption schemes e^d Although symmetric systems are RSA signature is generated by Entity A as follows: 

efficient for bulk encryption of data, they pose significant ^ • ■ .J 

key management problems. Consequently, symmetric-key 30 Com P u,e m=H ( M )> an m,e S er less ,ban n - 

and public-key systems are often combined in a system to 2 - Compute S-m mod n 

take advantage of the benefits of each. 3. The signature is s. 

Asymmetric-Key Encryption-A cryptosystem in which RSA signing as described above creates digital signatures 

for each party holds encryption/decryption key pairs with appendix. In contrast to the ECC signing discussed 

varying strength, e.g., a shorter key may be used in situations 35 previously, no pre-computation is possible when using RSA. 

requiring less security, while a longer key is used in situa- Note that the S1 6 nin 8 ret l uires one exponentation by the 

tions requiring greater security. As with symmetric-key private exponent d. _ 

encryption systems, asymmetric systems pose significant c Entity B can verify A s signature S on M using the 

key management problems. following procedure: 

Verification-The process of confirming that a digital 40 1- obtain A ' s P ublic ex P onent e and modulus n - 

signature, and therefore an entity or a message, is authentic. 2 - Compute m*-s' mod n. 

The following examples illustrate systems that may be 3 - Compute m=H(M). 

used to implement a secure messaging system in accordance 4. Verify that m*=m 

with the present invention. In RSA verification, one exponentation by the public 

Using ECC Algorithms, a secure signature with hash is 45 exponent e is required, e is preferably selected to be 64 

generated based on the following information: random blts ' bt RSA encryption, one exponcn- 

° . . , . , tation is required with a public exponent and the public 

P is a generating point on the curve and has order n. e m shou , d ^ a{ ^ M bi(s , ong for miDimum 

H is a secure hash algorithm such as SHA-1. security. 

M is a bit string to be signed by an entity A so In view of the preceding discussion, the remainder of the 

A has a private key a and a public key Y a =aP. secure messaging system is described with reference to 

To generate the signature, Entity A does the following: FIGS. 10-16. 

1, Compute e=H (M) (e is an integer) Referring to FIG. 10, the illustration shows a high level 

2. Generate a random integer k block diagram of a financial messaging unit 906 in accor- 
3 Compute R=kP«(x y) 55 ^ ance w * tn P re f errecl embodiment of the present inven- 

4. Convert x to an integer. Qne possible embodiment of a financial messaging unit 

5. Compute r=x+e mod n 906 i s a conventional paging device and Smart Card 920 

6. Compute s=k-ar mod n. combination as shown in FIG. 10. Here, a mechanical slot 

7. The signature is (r,s). 60 and standard Smart Card connector are incorporated into the 
Since R=kp is computed independently of the message M paging device's housing so that a Smart Card 920 can be 

it could be pre-computed prior to signing M which occurs in inserted into the housing in a manner that establishes elec- 

steps (5) and (6). In this procedure, the time to hash and trical contact between the card and the pager electronics, 

generate a random number is taken to be negligible in Alternatively, the electronics required to implement a Smart 

comparison with other operations performed. Finally, pre- 65 Card 920 are moved or integrated into the paging device so 

computation of certain functions may be performed to speed the pager functions as a true wireless Smart Card or wireless 

up the computation of kP in step (3). ATM. 
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Operationally, the incoming signal is captured by the closed loop system in which the sending party (e.g., a 

antenna 802 coupled to the receiver 804 which detects and regulator or issuer such as a bank, or VISA™) generates a 

demodulates the signal, recovering any information as pre- secure transaction that comprises a value amount and an 

viously discussed with reference to FIG. 8. Alternatively, the authentication code. The secure transaction is communi- 

financial messaging unit 906 contains a low power reverse 5 cated to a requesting party via a device such as an Automatic 

channel transmitter 1034, power switch 1032, and transmit Teller Machine (ATM). In order to establish and complete a 

antenna 1030 for either responding to an outbound channel transaction, the requesting party inserts a Smart Card 920 

query or generating an inbound channel request. Instead of into the ATM, enters an identification code, and requests a 

the portable transmitter 1034 (e.g., a low power radio value to be placed in the Smart Card 920. The transaction 

frequency device) and its associated components, the alter- no processing system authenticates the Smart Card 920, the 

native transmission block 1036 may contain either uni- or requesting party's financial status (e.g., account balance, 

bi-directional communication transducers. Examples of credit availability, etc.) and either completes or denies the 

such transducers are optical devices like lasers or light transaction. 

emitting diodes (LED), extremely low power magnetic field Accordingly, in view of the above requirements, the 

inductive or electric field capacitive structures (e.g., coils, 35 control logic 1016 operates to govern operation of the 

transmission lines), or possibly acoustic transducers in the components associated with the Smart Card function module 

audio or ultrasonic range. 1014 to implement and maintain end-to-end security in a 

An input/output (I/O) switch 1002 serves to direct the secure financial transaction message. The control logic 1016 

incoming or outgoing radio frequency (RF) energy between insures that any contents associated with the secure financial 

the RF receiver 804, RF transmitter 1030 and a selective call 20 transaction message are kept in their encrypted state from a 

decoder 1004. The selective call decoder 1004 comprises a regulator 914 until they are actually decrypted by the Smart 

processing unit 1006, and its associated random access Card function module 1014 or an associated Smart Card 

memory (RAM) 1008, read-only memory (ROM) 1010, and 920. Therefore, sensitive information such as a private 

universal input/output (I/O) module 1012. The primary encryption key, cash load values, credit or bank account 

function of the selective call decoder 1004 is to detect and 25 numbers, or the like, are stored in the secure PROM 1024. 

decode information contained in signalling intended for Similarly, the secure ROM 1022 may store processing 

receipt by the financial messaging unit 906. Alternatively, in routines that decrypt and encrypt information exchanged 

a 2-way implementation that includes the optional reverse between the Smart Card function module 1014 and a regu- 

channel transmitter block 1036, the selective call decoder lator 914, merchant 916, or another Smart Card 920. 

1004 may also function as an encoder to generate and deliver 30 The message entry device 1018 allows a user to initiate a 

requests or messages to the regulator 914, a user, or other cash load request, cash transaction, credit transaction, or the 

on-line system (not shown). like. Typically, a user might enter a request using a 

In this particular implementation, the ROM 1010 may keyboard, a voice activated recognition device, a touch - 

operate as a Programmable Read Only Memory (PROM) or sensitive device (e.g., screen or pad), or other convenient 

an Electrically Erasable Programmable Read Only Memory 35 data entry device. In the present invention, a user may 

(EEPROM) or the like. This allows programming of either request transaction based information be communicated 

a single unique selective call address corresponding with a with the financial messaging unit 906, stored in the financial 

predetermined financial transaction type or multiple unique messaging unit 906 for later transfer to the Smart Card 920, 

selective call addresses corresponding with a plurality of or passed directly to the Smart Card 920. In this way, the 

predetermined financial transaction types into the financial 40 financial messaging unit 906 acts like a portable Automatic 

messaging unit 906. These addresses can be conventional Teller Machine (ATM), allowing a user to effect financial 

selective call addresses, or they can be specialized secure transactions without actually visiting a physical ATM. 

selective call addresses. In any case, each unique address In the case where the financial messaging unit 906 acts 

may represent financial transaction types like a cash load like a portable ATM with origination capability, the Smart 

request, a fund transfer request, a credit request, or the like. 45 Card function module 1014 operates as a second secure 

This flexibility allows an issuer, regulator, bank, or user to message generator coupled to the financial messaging unit to 

easily configure the characteristics associated with one or create a financial transaction request. Once created, a por- 

more selective call addresses activated in the financial table transmitter 1034 coupled to the secure message gen- 

messaging unit 906 using such vehicles as conventional erator operates to broadcast the financial transaction request 

contact based or over the air programming of the ROM 50 to a selective call message processor 1104. A receiver 

1010. Moreover, as one or more addresses are selected and (received signal processor (FIG. 12)) 1204 coupled to the 

programmed for financial transaction capability, the finan- selective call message processor 1104 operates to receive 

cial messaging unit 906 automatically configures its asso- and couple the financial transaction request to the selective 

ciated RAM 1008 and I/O 1012 capability to accommodate call message processor 1104. In this way, the financial 

the features needed to support functions historically associ- 55 messaging unit 906 can perform financial transactions with- 

ated with cash, debit, and credit transactions. out requiring a physical connection to a land-line hard wired 

Additionally, the financial messaging unit 906 comprises network or PSTN, 

a secure decoding or Smart Card function module 1014 that With regard to the implementation of a radio frequency 

serves as a second financial transaction processor. This enabled reverse channel financial messaging unit 906 as 

module comprises control logic 1016, a message entry 60 discussed herein, the invention preferably operates using the 

device 1018, a security code processor 1020, a secure ROM Motorola ReFlEX™ 2-way wireless-paging system infra- 

1022, a secure programmable read only memory (PROM) structure and protocol which is described in detail in the 

1024, and a Smart Card input/output (I/O) module 1026. following documents: 

Certain financial groups have proposed standards for U.S. Pat. No. 5,475,863, issued Dec. 12, 1995 to Simpson 

effecting end-to-end transaction security in the land-line 65 et al. and titled "Method And Apparatus for Delivering 

wired environment. The standards proposed for securing Messages to Portable Communication Units in a Radio 

electronic financial transactions are based on a peer-to-peer Communication System"; U.S. Pat. No. 5,712,624, issued 
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Jan. 27, 1998 to Ayerst et al. and titled "Method And The message composition and encryption equipment 

Apparatus for Optimizing Receiver Synchronization in a illustrated in FIG. 11 would typically be used on the pre- 

Radio Communication System"; U.S. Pat. No. 5,521,926 mises of a financial institution to send secure electronic 

issued May 28,1996 to Ayerst et al. and titled "Method And funds transfer authorizations to financial messaging units 

Apparatus for Improved Message Reception at a Fixed 5 906 (e.g., "wireless ATM" devices) via a conventional 

System Receiver"; U.S. Pat. No. 5,638,369, issued Jun. 10, paging channel or the like. In the following examples, the 

1997 to Ayerst et al. and titled "Method and Apparatus for transaction information is composed using standard finan- 

Inbound Channel Selection in a Communication System"; cial computers an d data structures, and the message is 

and U.S. Pat No. 5,737,691 issued Apr 7, 1998 to Wang et encr y pted using the public and private keys assigned to 

al. and titled "A System and Method for ^locating Fre- 1Q deyice and transaction> respectively. The keys 

quency Channels in a Two-way Messaging Network' , all of J? ^ ^ ^ add 

which are assigned to the assignee of the present invention, * database associated with the processing 

and all of which are incorporated by reference herein. . , . , , . . r , ,-, 

It should be appreciated that the use of the instant inven- computer. After each message is encrypted, it is sent like a 

tion in other 2-way communication systems such as cellular normal P a S in S messa S e to the P a S in g s y stera v,a the P ubllc 

and radio packet data systems is contemplated. 3S telephone system. 

Certain financial groups have proposed standards for The first financial transaction processor U00 will be more 
effecting end-to-end transaction security in the land-line fully discussed with reference to FIG. 12 which integrates 
wired environment. The standards proposed for securing the first financial transaction processor 1100 with a wireless 
electronic financial transactions are based on a peer-to-peer selective call signaling system controller, 
closed loop system in which the sending party (e.g., a 20 Referring to FIG. 12, the illustration shows a functional 
regulator or issuer such as a bank, or VISA™) generates a diagram of a wireless selective call signaling system con- 
secure transaction that comprises a value amount and an troller that implements a combined 1-way and 2-way secure 
authentication code. The secure transaction is communi- messaging system capable of signalling the financial mes- 
cated to a requesting party via a device such as an Automatic saging units. 

Teller Machine (ATM). In order to establish an complete a 25 The wireless selective call signaling system controller 

transaction, the requesting party inserts a Smart Card 920 1200 comprises the first financial transaction processor 1100 

into the ATM, enters an identification code, and requests a along with a transmitter 104 and associated antenna 904, and 

value to be placed in the Smart Card 920. The transaction in 2-way RF systems, at least one receiver 1202 system 

processing system authenticates the Smart Card 920, the comprising a received signal processor and at least one 

requesting party's financial status (e.g., account balance 30 receive antenna 908. Preferably, several of at least one 

credit availability, etc.) and either completes or denies the receiver 1202 systems may be distributed over a wide 

transaction. geographical area to receive the low power transmissions 

In a broader application, the financial messaging unit 906 broadcast by 2-way financial messaging units 906. The 

may be adapted to communicate, sensitive messages or data, number of receiver 1202 systems in any given geographical 

as well as electronic funds transfer information can be 35 area is selected to insure adequate coverage for all inbound 

securely transferred to the intended recipient device via a transmissions. As one of ordinary skill in the art will 

paging channel or the like. appreciate, this number may vary greatly depending on 

Referring to FIG. 11, the block diagram illustrates mes- terrain, buildings, foliage, and other environmental factors, 

sage composition and encryption equipment that could be The wireless selective call signaling system controller 

used on the premises of a financial institution to send secure 40 1200 represents a closely coupled implementation of the 

electronic funds transfer authorizations to financial messag- overall secure messaging system. In practice, a regulator 

ing units via a paging channel or the like. (e.g., bank, credit card issuer, etc.) may not want the 

Specifically, both direct branch and customer calls are responsibility of maintaining the RF infrastructure, i.e., the 
received by a first financial transaction processor 1100 transmitter 104 and associated antenna 904, and the at least 
comprising a transaction processing computer 1102, a mes- 45 one receiver 1202 system Consequently, a conventional 
sage processing and encryption computer 1104 or selective wireless messaging service provider or the like would pro- 
call message processor that operates as a first secure mes- vide and maintain the RF infrastructure, and the regulator 
sage generator, a first secure message decoder, and a selec- would utilize that RF infrastructure in a conventional man- 
tive call message distributor, all being functions of the ner to communicate secure financial transaction messages 
selective call message processor 1104, a subscriber database 50 between the regulator and the financial messaging units 906. 
1106, and a security code database 1108. The transaction As a first alternative to the preceding operation, the 
processing computer 1102 receives financial transaction selective call signaling system controller 1200 may operate 
requests and communicates with the message and encryption to encrypt, encode, and transmit secure financial transaction 
processor 1104 to generate and encrypt secure financial messages received from a regulator, where the first financial 
transaction message based on information contained in the 55 transaction processor 1100 has generated and encrypted the 
security code database 1108 corresponding with the secure financial transaction message, and the selective call 
requester and the transaction type. The message processing signaling system controller 1200 further encrypts the secure 
and encryption computer 1104 also determines a destination financial transaction message, for a second time. This 
identifier from information contained in the subscriber data- increases the level of security of an associated secure 
base 1106, which allows the selective call message distribu- 60 financial transaction message by encapsulating it using a 
tor to communicate the destination identifier and its corre- second, unrelated encryption. Subsequently, the financial 
sponding secure financial transaction message to a selective messaging unit 906 decodes and decrypts the doubly 
call transmission service 904. The destination identifier may encrypted message, revealing the secure financial transac- 
correspond with a conventional paging address, a cellular tion message in its encrypted state, and thus maintaining the 
telephone address, or any other address that uniquely iden- 65 end-lo-end security required for a financial transaction, 
tifies a destination associated with the secure financial Similarly, the selective call signaling system controller 1200 
transaction message, receives messages originating from the financial messaging 
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unit 906 and passes the secure financial transaction message 
in its encrypted state to a regulator for decryption and 
processing. 

As a second alternative to the preceding operation, the 
selective call signaling system controller 1200 may operate 5 
to encode and transmit secure financial transaction messages 
communicated between the regulator and the financial mes- 
saging unit 906. In this case, the first financial transaction 
processor 1100 at the regulator has generated and encrypted 
the secure financial transaction message, and the selective 10 
call signaling system controller 1200 operates to associate a 
selective call address with the secure financial transaction 
message based on a received destination identifier, then 
transmit a resulting selective call message for receipt by the 
financial messaging unit 906. Subsequently, the financial is 
messaging unit 906 decodes the selective call message, 
revealing the secure financial transaction message in its 
encrypted state, and thus maintaining the end-to-end secu- 
rity required for a financial transaction. As with the prior 
operation, the selective call signaling system controller 1200 20 
further operates to receive messages originating from the 
financial messaging unit 906 and passes the secure financial 
transaction message in its encrypted state to a regulator for 
decryption and processing. 

Referring to FIG. 13, the illustration shows the various 25 
layers of a messaging system in a format that is similar to the 
Organization Standards International (OSI) stack diagram 
that is well known in the electronics industry. 

With respect to the present invention, the network layer 
1302 is a point at which financial transactions are created. 30 
These financial transactions are then communicated to a 
messaging layer 1304 where appropriate selective call mes- 
sages are formed for inclusion in a transport protocol such 
as Motorola's FLEX or POCSAG. The channel signalling 
layer 1306 or transport layer represents the point where the 35 
low level transport protocols mentioned above are imple- 
mented. Finally, the RF channel 1308 is the physical media 
on which the low level transport protocol communicates the 
selective call messages containing the financial transactions. 

Referring to FIG. 14, the flow diagram shows typical 40 
operation of a financial messaging unit in accordance with 
the preferred embodiment of the present invention. 

When activated 1400, the financial messaging unit 906 
(denoted as a pager for clarity of explanation) operates 
"normally," that is, it waits in a standby state 1402 searching 45 
for its selective call address 1404. If the financial messaging 
unit detects its address, and in particular it detects a security 
address 1406, e.g., a specific selective call address associ- 
ated with a single unique account, or one of several unique 
accounts, the financial messaging unit 906 recovers the 50 
secure financial transaction message to effect a financial 
transaction. If steps 1404 or 1406 fail, control returns to step 
1402 in which the financial messaging unit resumes normal 
operation. Once the financial messaging unit 906 determines 
that a secure financial transaction message is received, the 55 
Smart Card function module 1014 is activated 1408 and the 
secure financial transaction message may be decoded 1410. 
Decoding as mentioned here can represent the recovery of 
the secure financial transaction message from the native 
selective call protocol, e.g., from a FLEX or POCSAG data 60 
or information word, or decoding can include the step of 
decrypting the secure financial transaction message to 
recover its contents representing an electronic cash token 
value, a credit value, a debit value, or other information 
relating to a secure financial transaction such as crypto- 65 
graphic message or session keys. According to the content of 
the secure financial transaction message, the control logic 
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1016 and processor 1006 operate to execute instructions 
1412 pertinent to the financial transaction being executed. 

Referring to FIG. 15, the illustration shows a typical 
sequence associated with requesting and authorizing the 
electronic transfer of funds or debit of funds by and from a 
wireless financial messaging unit. 

A financial transfer sequence is initiated 1500 by a 
customer calling his or her bank 1502, identifying them- 
selves 1504 via a PIN number or other account information 
1506, and requesting a transfer or other financial transaction 
1508 for communication to their wireless financial messag- 
ing unit 906. 

After verifying the identity of the customer 1510 and the 
appropriate account information 1512, the bank or regulator 
initiates a sequence of events to effect the electronic transfer 
of the funds, granting of credit, or the like. In a first case, a 
financial transaction is approved when the financial trans- 
action request is authenticated as originating from an autho- 
rized party and the financial transaction is permitted by a 
regulator 1514. Typically, regulators permit financial trans- 
actions when a party has sufficient funds as in a cash load or 
debit request, or when a party has sufficient credit available 
to complete a transaction. Preferably, upon approval, the 
financial messaging unit 906 prompts the user to wait for the 
transaction 1520 and the system begins completion of the 
financial transaction 1522. 

In a second case, the first,financial transaction processor 
denies completion of the financial transaction based on the 
financial transaction request when at least one of the finan- 
cial transaction request is not authenticated as originating 
from an authorized party and the financial transaction is not 
permitted by a regulator 1516. Typically, regulators deny 
financial transactions when a party has insufficient funds in 
the cash load or debit request, or when a party has insuffi- 
cient credit available to complete a transaction. If the 
regulator denies the financial transaction, the request is 
terminated 1518 and the financial messaging unit 906 
returns to normal operation. 

Referring to FIG. 16, the illustration shows a typical 
sequence associated with the wireless transfer of funds or 
debit of funds by and from a wireless financial messaging 
unit in both a 1-way and a 2-way secure communication 
system. 

Completion of the financial transaction 1522 begins by 
the regulator or issuer looking up the destination identifier 
and security code (e.g., public or private key) for a user 
account 1602 associated with at least one financial messag- 
ing unit 906. The secure messaging system then generates 
the secure financial transaction message which is commu- 
nicated to the wireless selective call signaling system con- 
troller where the selective call message processor 1104 
executes a control program that receives selective call 
message requests comprising a destination identifier and the 
secure financial transaction message and encapsulates the 
secure financial transaction message in a selective call 
message that includes a selective call address corresponding 
with the destination identifier. This selective call message is 
then distributed to a selective call transmission service in 
response to the destination identifier. The selective call 
transmission service broadcasts the selective call message to 
the financial messaging unit 906 that receives the selective 
call message. Optionally, the financial messaging unit 906 
may send a first message prompting the user to insert a 
Smart Card 920 for funds transfer or the like. 1604 The bank 
would then wait 1606 an appropriate time period 1608, then 
send a data transmission comprising information with the 
account number of the Smart Card 920 to be credited, the 
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amount of the transaction, and coded information to verify 
that the Smart Card 920 to be debited is valid and not a 
counterfeit 1610. Obviously, if the Smart Card 920 is 
integrated with the financial messaging unit 906, steps 1604, 
1606, and 1608 need not be performed. A bank will typically 5 
record 1612 the success or failure of a transaction upon its 
completion 1614. 

In a financial messaging unit 906 having 2-way capability 
1616, the bank can wait for receipt of an acknowledgment 
1618 comprising a returned secure financial transaction 3 q 
message that confirms execution of the financial transaction. 
When the financial transaction is successfully completed, an 
optional message may be presented 1624 to the user at the 
financial messaging unit 906 before the financial messaging 
unit 906 returns to an idle state 1626. Alternatively, if no 55 
acknowledgment is received after a predetermined delay 
period 1620, the bank may re-initiate the prior financial 
transaction 1622. 

In a variation of the operation discussed in reference to 
FIGS. 14—16, the user may remain in communication during 2 o 
the financial transaction, and the bank may receive a non- 
real time acknowledgment that the transaction was com- 
pleted successfully using an alternate path, i.e., one other 
than the RF reverse channel. This can be accomplished by 
either using a 1-way or 2-way paging device in a wired ATM 2 s 
machine, or by having the user remain on a phone or other 
communication device during the entire transaction. 
Additionally, a distinctive audio alert pattern can be gener- 
ated by the financial messaging unit 906 to signal that the 
financial transaction has been completed without error. 30 

Additionally, if an address is detected that is associated 
with a normal messaging function, the financial messaging 
unit 906 will operate as a normal paging device. However, 
if the detected address is associated with a secure data 
transmission address, the secure decoder module may be 35 
activated, the received secure financial message may be 
decrypted, and the information contained in the message 
would be processed in accordance with either the contents of 
the message or with the rules associated with the received 
address. 40 

One of ordinary skill in the art will appreciate that the 
preceding discussion regarding the claimed invention in not 
meant to limit the system to a particular transport protocol, 
wireless media, cryptographic scheme, or physical commu- 
nication device. Consequently, the claimed invention and 45 
other variations made possible by the teachings herein 
represent only a few select ways that a secure messaging 
system for communicating financial information can be 
implemented using the unique principles taught in the 
present invention. 50 

It is in the preceding spirit that we claim the following as 
our invention: 

1. A portable secure financial messaging unit comprising: 
a receiver for receiving a radio frequency signal compris- 
ing a secure financial transaction message; 55 
a selective call decoder coupled to the receiver, the 
selective call decoder comprising: 
a memory that includes a single unique selective call 
address corresponding with a predetermined finan- 
cial transaction type, and 60 
an address correlator coupled to the memory, the 
address correlator operating to determine substantial 
coincidence between the single unique selective call 
address and a received selective call address con- 
tained in the radio frequency signal and correspond- 65 
ing with the predetermined financial transaction 
type; 
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a financial transaction processor coupled to the selective 
call decoder, the financial transaction processor allow- 
ing the portable secure financial messaging unit to 
effect a secure financial transaction based at least in part 
on information contained in the secure financial trans- 
action message, wherein the financial transaction pro- 
cessor decrypts a secure financial transaction message 
coupled from the selective call decoder when the 
address correlator determines substantial coincidence 
between the single unique selective call address and a 
received selective call address; 
a main processor coupled to the financial transaction 
processor and the selective call decoder for controlling 
the receiver, selective call decoder, and financial trans- 
action processor such that the portable secure financial 
messaging unit operates to perform the secure financial 
transaction; 

a low power port coupled to the main processor for 
implementing a communication link between the por- 
table secure financial messaging unit and a sales 
device; and 

a secure decoding function module for serving as a second 
financial transaction processor, wherein the secure 
decoding function module comprises: 
a control logic for governing the operation of the secure 

decoding function module, 
a message entry device coupled to the control logic for 

processing a user initiated transaction, 
a security code processor coupled to the control logic 

for processing secure information, 
a secure ROM coupled to the security code processor 
and coupled to the control logic for storing a plural- 
ity of processing routines, 
a secure programmable read only memory coupled to 
the control logic for storing a plurality of sensitive 
information, and 
a Smart Card input/output module coupled to the 
message entry device and coupled to the control 
logic for communicating between the secure decod- 
ing function module and a Smart Card, 
wherein a received secure financial transaction message is 
decoded by the selective call decoder and passed to the 
secure decoding function module for processing and 
further wherein the secure decoding function module 
communicates to the Smart Card to prevent unautho- 
rized access to information contained in the secure 
financial transaction message. 

2. The portable secure financial messaging unit according 
to claim 1, further comprising: 

a transmitter coupled to the main processor, the transmit- 
ter operating in at least one of a mode to facilitate 
confirmation and authentication of the secure financial 
transaction and to originate a request for the secure 
financial transaction. 

3. The portable secure financial messaging unit according 
to claim 1 wherein a received secure financial transaction 
message is decoded by the selective call decoder and passed 
directly to the financial transaction processor to prevent 
unauthorized access to information contained in the secure 
financial transaction message. 

4. The portable secure financial messaging unit according 
to claim 3 wherein the received secure financial transaction 
message is decrypted by the financial transaction processor 
and coupled to a secure memory that retains information 
decrypted from the secure financial transaction message. 
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5. The portable secure financial messaging unit according 
to claim 1, further comprising: 

a secure message generator coupled to the financial trans- 
action processor and the main processor, the secure 
message generator operating to generate the secure 5 
financial transaction message. 

6. The portable secure financial messaging unit according 
to claim 5 wherein the financial transaction processor 
encrypts and the secure message generator generates the 
secure financial transaction message that is coupled to the 10 
main processor for transmission by a transmitter. 

7. The portable secure financial messaging unit according 
to claim 1 wherein the secure financial transaction message 
comprises a financial transaction request. 

8. The portable secure financial messaging unit according 1S 
to claim 1 wherein the secure financial transaction message 
comprises a cash load request. 

9. The portable secure financial messaging unit according 
to claim 1 wherein the secure financial transaction message 
comprises a fund transfer request. 2 o 

10. The portable secure financial messaging unit accord- 
ing to claim 1 wherein the secure financial transaction 
message comprises a credit request. 

11. A portable secure financial messaging unit, compris- 
ing: 25 

a receiver for receiving a radio frequency signal compris- 
ing a secure financial transaction message; 
a selective call decoder coupled to the receiver, the 
selective call decoder comprising: 
a memory that includes a single unique selective call 30 
address corresponding with a predetermined finan- 
cial transaction type, and 
an address correlator coupled to the memory, the 
address correlator operating to determine substantial 
coincidence between the single unique selective call 35 
address and a received selective call address con- 
tained in the radio frequency signal and correspond- 
ing with the predetermined financial transaction 
type; 

a financial transaction processor coupled to the selective 40 
call decoder, the financial transaction processor allow- 
ing the portable secure financial messaging unit to 
effect a secure financial transaction based at least in part 
on information contained in the secure financial trans- 
action message using the financial transaction proces- 45 
sor which comprises: 

a security code processor that operates to process a 
security code associated with the secure financial 
transaction message in a manner that prevents unau- 
thorized access to information contained in the 50 
secure financial transaction message, 

a secure non volatile read only memory coupled to the 
security code processor, the secure non volatile read 
only memory operating to protect at least processing 
routines that decrypt and encrypt information asso- 55 
ciated with the secure financial transaction message, 

a secure erasable read only memory coupled to the 
secure non volatile read only memory, the secure 
erasable read only memory operating to protect 
information selected from at least one of a private 60 
encryption key, a cash load value, a credit card 
number, 

a bank account number, and financial account balances 
stored therein, 

an input/output interface coupled to the secure eras- 65 
able read only memory, the input/output interface 
allowing transfer of data from the secure erasable 
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read only memory to other components within the 
financial transaction processor, and 
control logic coupled to the security code processor, 
the secure non volatile read only-memory, the 
secure erasable read only memory, and the input/ 
output interface, the control logic operating to 
govern operation of other components within the 
financial transaction processor; 
a main processor coupled to the financial transaction 
processor and the selective call decoder for controlling 
the receiver, selective call decoder, and financial trans- 
action processor such that the portable secure financial 
messaging unit operates to perform the secure financial 
transaction; 

a low power port coupled to the main processor for 
implementing a communication link between the por- 
table secure financial messaging unit and a sales 
device; and 

a secure decoding function module for serving as a second 
financial transaction processor, wherein the secure 
decoding function module comprises: 
a control logic for governing the operation of the secure 

decoding function module, 
a message entry device coupled to the control logic for 

processing a user initiated transaction, 
a security code processor coupled to the control logic 

for processing secure information, 
a secure ROM coupled to the security code processor 
and coupled to the control logic for storing a plural- 
ity of processing routines, 
a secure programmable read only memory coupled to 
the control logic for storing a plurality of sensitive 
information, and 
a Smart Card input/output module coupled to the 
message entry device and coupled to the control 
logic for communicating between the secure decod- 
ing function module and a Smart Card, 
wherein a received secure financial transaction message is 
decoded by the selective call decoder and passed to the 
secure decoding function module for processing and 
further wherein the secure decoding function module 
communicates to the Smart Card to prevent unautho- 
rized access to information contained in the secure 
financial transaction message. 

12. The portable secure financial messaging unit accord- 
ing to claim 11, further comprising: 

a smart card coupled to the financial transaction processor 
via the input/output interface, the smart card operating 
in conjunction with the financial transaction processor 
to couple unencrypted or encrypted information such as 
the secure financial transaction message to the smart 
card for performing the secure financial transaction, 

13. The portable secure financial messaging unit accord- 
ing to claim 11, further comprising: 

a transmitter coupled to the main processor, the transmit- 
ter operating in at least one of a mode to facilitate 
confirmation and authentication of the secure financial 
transaction and to originate a request for the secure 
financial transaction. 

14. The portable secure financial messaging unit accord- 
ing to claim 13, further comprising: 

a smart card coupled to the financial transaction processor 
via the input/output interface, the smart card operating 
in conjunction with the financial transaction processor 
to couple unencrypted or encrypted information such as 
the secure financial transaction message to the smart 
card for performing the secure financial transaction. 
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15. The portable secure financial messaging unit accord- 
ing to claim U wherein the financial transaction processor 
receives and decrypts a secure financial transaction message 
coupled from the selective call decoder. 

16. The portable secure financial messaging unit accord- 
ing to claim 15 wherein a received secure financial trans- 
action message is decoded by the selective call decoder and 
passed directly to the financial transaction processor to 
prevent unauthorized access to information contained in the 
secure financial transaction message. 

17. The portable secure financial messaging unit accord- 
ing to claim 16 wherein the received secure financial trans- 
action message is decrypted by the financial transaction 
processor and coupled to a secure memory that retains 
information decrypted from the secure financial transaction 
message. 

18. The portable secure financial messaging unit accord- 
ing to claim 15 wherein a received secure financial trans- 
action message is decoded by the selective call decoder and 
passed directly to an attached smart card to prevent unau- 
thorized access to information contained in the secure finan- 
cial transaction message, 

19. The portable secure financial messaging unit accord- 
ing to claim 11 wherein the secure financial transaction 
message comprises a financial transaction session key. 

20. The portable secure financial messaging unit accord- 
ing to claim 11 wherein the secure financial transaction 
message comprises a returned cash value. 

21. The portable secure financial messaging unit accord- 
ing to claim 11 wherein the secure financial transaction 
message comprises a returned fund transfer value. 
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22. The portable secure financial messaging unit accord- 
ing to claim 11 wherein the secure financial transaction 
message comprises a returned credit value, 

23. The portable secure financial messaging unit accord - 
5 ing to claim 11, further comprising: 

a secure message generator coupled to the financial trans- 
action processor and the main processor, the secure 
message generator operating to generate the secure 
io financial transaction message. 

24. The portable secure financial messaging unit accord- 
ing to claim 23 wherein the financial transaction processor 
encrypts and the secure message generator generates a 

15 secure financial transaction message that is coupled to the 
main processor for transmission by a transmitter. 

25. The portable secure financial messaging unit accord- 
ing to claim 24 wherein the secure financial transaction 
message comprises a financial transaction request. 

20 26. The portable secure financial messaging unit accord- 
ing to claim 24 wherein the secure financial transaction 
message comprises a cash load request. 

27. The portable secure financial messaging unit accord- 
25 ing to claim 24 wherein the secure financial transaction 

message comprises a fund transfer request. 

28. The portable secure financial messaging unit accord- 
ing to claim 24 wherein the secure financial transaction 
message comprises a credit request. 

30 

* * * * * 
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